LulzSec hackers steal passwords from FBI affiliate

A group that tracks cyber crime on behalf of the U.S. Federal Bureau of Investigations (FBI) was attacked last week and all of its members’ login information was published online after hackers with the group LulzSec compromised their website.

The organization, InfraGard Atlanta, is a non-profit sponsored by the FBI, state and local law enforcement, area business leaders and educational institutions, dedicated to tracking cyber crime and facilitating the flow of information between agencies.

“Someone did compromise the website,” InfraGard Atlanta told The Associated Press. “We do not at this time know how the attack occurred or the method used to reveal the passwords.”

In a statement published online, LulzSec said they carried out the breach as a response to NATO and U.S. President Barack Obama raising the stakes on cyber attacks.

The Pentagon said last week it had instituted a new policy that regards major cyber attacks as acts of war.

The hackers said that during their attack, they learned that one of InfraGard’s members used the same password for his email account. They allegedly used that knowledge to take over servers at Unevillance, which bills itself as as “data leakage intelligence” firm.

LulzSec also made a number of allegations against Karim Hijazi, the company’s CEO, singling him out as a symbol of what they called “the corruption of whitehats,” and admitted to stealing over 1,000 personal emails from his account.

“We also briefly took over, among other things, their servers and their botnet control panel,” they wrote.

“I was personally contacted by several members of this group who made threats against me and my company to try to obtain money as well as to force me into revealing sensitive data about my botnet intelligence that would have put many other businesses, government agencies and individuals at risk of massive Distributed Denial of Service (DDoS) attacks,” Hijazi wrote in a post to Unevillance’s website.

“In spite of these threats, I refused to pay off LulzSec or to supply them with access to this sensitive botnet information. Had we agreed to provide this data to them, LulzSec would have been able to grow the size and scope of their DDoS attack and fraud capabilities.”

He claimed to have succeeded in protecting the company’s most sensitive data.

LulzSec hackers have also recently attacked Sony Pictures Entertainment, accessing up to a million user accounts, and public broadcaster PBS, publishing a story about rapper Tupac being discovered “alive.” They called the attack a response to a PBS “Frontline” documentary that was critical of secrets outlet WikiLeaks.

About the Author

Stephen C. Webster is the senior editor of Raw Story, and is based out of Austin, Texas. He previously worked as the associate editor of The Lone Star Iconoclast in Crawford, Texas, where he covered state politics and the peace movement’s resurgence at the start of the Iraq war. Webster has also contributed to publications such as True/Slant, Austin Monthly, The Dallas Business Journal, The Dallas Morning News, Fort Worth Weekly, The News Connection and others. Follow him on Twitter at @StephenCWebster.